
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@gotamedia/shapeshifter
Advanced tools
Shapeshifter is a general format converter. It converts strings of one format (shape) into a string of another.
Shapeshifter is a general format converter. It converts strings of one format (shape) into a string of another.
npm install @gotamedia/shapeshifter
const { OpenContentShapeProvider, ShapeBuilder } = require("@gotamedia/shapeshifter");
const shape = await new ShapeBuilder()
.useShapeProvider(new OpenContentShapeProvider())
.useInput(inputString)
.build();
console.log(shape.shift());
That's it! You can use any number of shape providers or plug in your own. To enable all available shape providers you can use a shape provider resolver.
const { ShapeBuilder, ShapeProviderResolver } = require("@gotamedia/shapeshifter");
const shape = await new ShapeBuilder()
.useShapeProviderResolver(new ShapeProviderResolver("/path/to/shape/providers/"))
.useInput(inputString)
.build();
console.log(shape.shift());
This saves you from updating the code anytime you want to use additional shape providers.
Shapeshifter also comes with a convenient CLI tool. You can use it to convert shapes in npm scripts or simply on the command line.
The shapeshifter command accepts input as stdin. This makes it easy to use with pipes. Here is a simple example using curl on the command line to fetch and convert an article from Open Content.
curl --silent --user [credentials] http://xlibris.oc.gota.infomaker.io:8080/opencontent/objects/[uuid] | shapeshifter
And here is an example of converting an article in a file.
shapeshifter < [path/to/article].xml
Shapeshifter is released under the MIT License.
FAQs
Shapeshifter is a general format converter. It converts strings of one format (shape) into a string of another.
We found that @gotamedia/shapeshifter demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.